The US Justice Department (DOJ) indicted three Iranian men on Friday, accusing them of orchestrating Iran’s alleged hack-and-leak operation targeting Donald Trump’s presidential campaign. The charges outline a sweeping effort to steal sensitive data from current and former government officials and to undermine trust in the presidential election.
According to the indictment, the conspirators fixed their focus on the presidential campaign starting in May after years of compromising the accounts of former US government officials. Using the same hacking effort, they successfully infiltrated personal accounts connected to the campaign, including those of top officials, and obtained confidential documents and emails. By late June, their activities intensified into a “hack-and-leak” campaign, using the stolen material as a weapon to sway the political narrative and disrupt the election process. The DOJ stated that the hackers also contacted the Biden-Harris campaign, offering access to Trump’s debate preparation material.
US Attorney General Merrick B. Garland stated in a press release on Friday: “The Justice Department is working relentlessly to uncover and counter Iran’s cyberattacks aimed at stoking discord, undermining confidence in our democratic institutions, and influencing our elections.” He added: “The American people – not Iran, or any other foreign power – will decide the outcome of our country’s elections.”
FBI Director Christopher Wray said:
Today’s charges represent the culmination of a thorough and long-running FBI investigation that has resulted in the indictment of three Iranian nationals for their roles in a wide-ranging hacking campaign sponsored by the Government of Iran … The conduct laid out in the indictment is just the latest example of Iran’s brazen behavior. So today the FBI would like to send a message to the Government of Iran – you and your hackers can’t hide behind your keyboards.
The indictment claimed that the activity of the three men “is part of Iran’s continuing efforts to stoke discord, erode confidence in the US electoral process, and unlawfully acquire information” to aid Iran’s Islamic Revolutionary Guard Corps (IRGC). The DOJ alleged that the Iranian hackers sought this information to “avenge the death of Qasem Soleimani,” a commander in the IRGC. The US military killed Soleimani in a January 2020 drone strike, prompting Iran to vow retaliation. Since then, US officials have monitored multiple revenge plots.
The hacker trio faces charges of conspiracy to steal information, wire fraud, identity theft, and providing material support to the IRGC, a designated foreign terrorist organization. However, this doesn’t guarantee they’ll stand trial in the US, as cybercriminals often operate from countries that refuse to extradite them.
Among those targeted by Iran was Ginni Thomas, a conservative activist and the wife of US Supreme Court Justice Clarence Thomas, as part of a campaign to impersonate prominent figures connected to Donald Trump. Between April and May 2024, the hackers used a fake persona in her name to send spearphishing emails to a former homeland security adviser and other high-profile targets.
The tactics from Iran are far from new. US intelligence officials point out that Iran’s attempts to fuel division and disrupt Trump’s bid to win the presidency are a replay of the interference strategies they employed in 2020. In a joint statement on September 18, the Office of the Director of National Intelligence (ODNI), Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) warned: “Foreign actors are increasing their election influence activities as we approach November.” They highlighted that “Russia, Iran, and China are trying by some measure to exacerbate divisions in US society for their own benefit” and view election periods as “moments of vulnerability.” They emphasized that any attempts to undermine democratic institutions are a “direct threat to the US and will not be tolerated.”